OIDC backchannel logout

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Problem to solve

Initiate Gitlab logout from SSO provider. When user is for example logged out by Keycloak admin, the Gitlab session still works and user is able to work with Gitlab.

Backchannel logout as per https://openid.net/specs/openid-connect-backchannel-1_0.html, would solve this issue.

Proposal

Backchannel logou should be implemented as per https://openid.net/specs/openid-connect-backchannel-1_0.html in my opinion.

Intended users

Systems Administrator/Security Operations Engineer

typefeature authentication oauth

Edited Sep 25, 2025 by 🤖 GitLab Bot 🤖